New Mexico Now Has A Data Breach Notification Bill.

New Mexico will be the latest US state to add a data breach notification law to its books. Once the bill officially becomes a law, only two states – Alabama and South Dakota – will remain outsiders to the crazy idea that people should be notified if their personal data is hacked. You can read […] read more

Ashley Madison Passwords Easy To Crack After All.

Ah, Ashley Madison.  Even as one tries to move away from it to other issues, new problems surface like toxic malaise at a swamp: fraudulent $19 data scrubbings, men being conned by bots, some of the weakest passwords known to mankind securing their servers, an ex-CTO who supposedly hacked the competition…  Michael Corleone, I get […] read more

Encryption: Backdoors That “Work” Don’t Exist Because They Are A Fantasy.

Last week, FBI Director James Comey told senators that encryption was making it harder for the FBI to do its job. To back his words, he brought up examples of instances where the agency couldn’t access electronic information despite having the legal right to do so. And while you won’t find many denying that this […] read more

Maybe FTC Should Take To Task Breached Companies Claiming To Take "Security Seriously".

Apparently, 2015 is the year when everything old is new again: the encryption wars are back and gaining acceleration; TV shows and movies that were laid to rest are rising from their graves; and classic data breaches are rearing their heads as well. For example, the site databreaches.net notes that Human Resource Advantage sent an […] read more

Data Encryption: Creating Passphrases That You Can Memorize While Thwarting Would-Be Monitors.

Over at firstlook.org, The Intercept has an article on creating passphrases (not passwords) that are strong and memorizable.  The trick lies in the number of elements (that is, how many words are used in the passphrase) and randomness.  Indeed, the principle is not different from how encryption works to secure data.  For example, AlertBoot’s managed […] read more

HIPAA Data Breach: Medical Office Alerts Patients That Nothing Happened.

I’ve just run across a data breach notification that is a first of its kind: a data breach where the affected organization tells its clients (technically, patients) that nothing happened.  It’s like the Seinfeld show of data breaches.  The breach notification letter is about nothing.  Absolutely nothing.  Yet, there is something there. All kidding aside, […] read more

Data Encryption: Can Moral Hazard Account For Low Levels Of Corporate Data Security?

Over at theconversation.com, an article is tackling “why companies have little incentive to invest in cybersecurity.”  One of the arguments is that companies encounter moral hazard.  That is, they don’t really feel the effects of the risk of their actions because someone or something else is taking care of the hazard. Moral Hazard – Beneficiaries […] read more

Smartphone Security: Phone Theft Drops In Cities As Kill Switches Take Hold.

Reuters is reporting the unsurprising news that London, New York City, and San Francisco are seeing dramatic drops in smartphone thefts after the implementation of kill switches on devices became mandatory.  The ability to encrypt the contents of these devices has existed for years (via smartphone encryption that came either turned on by default or […] read more

HIPAA Encryption: Anthem Didn’t Encrypt Data Stolen In Massive Hack.

The wsj.com points out in an article that Anthem Inc, the health insurer that recently announced a massive data breach potentially affecting 80 million people, did not use health data encryption to secure the data that was stolen.  It also points out that applying encryption can be a “balancing act between protecting the information and […] read more